[MDEV-32137] Server crashes in select_insert::prepare upon EXPLAIN on INSERT .. SELECT with IN list reaching in_predicate_conversion_threshold Created: 2023-09-09  Updated: 2023-11-28

Status: Open
Project: MariaDB Server
Component/s: Optimizer
Affects Version/s: 10.4, 10.5, 10.6, 10.10, 10.11, 11.0, 11.1
Fix Version/s: 10.4, 10.5, 10.6, 10.11, 11.0, 11.1

Type: Bug Priority: Major
Reporter: Elena Stepanova Assignee: Sergei Petrunia
Resolution: Unresolved Votes: 0
Labels: None


 Description   

# Minimal test case for the crash named in the report title: EXPLAIN on
# INSERT .. SELECT whose IN list reaches in_predicate_conversion_threshold.
# The server crashes at the EXPLAIN statement, so the cleanup at the end is
# not reached in the run that reproduces the crash.

# Lower the threshold for this session to 2 so that the two-value IN list
# in the EXPLAIN statement below reaches it.
# NOTE(review): the low value looks chosen only to keep the test small;
# whether longer IN lists at a higher threshold take the same path is not
# shown here -- confirm before treating other threshold settings as unaffected.
SET in_predicate_conversion_threshold=2;
 
# Two-column table with two rows; it is both the INSERT target and the
# SELECT source in the statement below.
CREATE TABLE t (a INT, b INT);
INSERT INTO t VALUES (1,1),(2,2);
# Crashing statement: this exact query text appears in the mysql_parse and
# dispatch_command frames of the backtrace, and the top frame after the
# signal handler is select_insert::prepare.
EXPLAIN INSERT INTO t (a) SELECT a FROM t WHERE b IN (2,3);
 
# Cleanup
DROP TABLE t;

10.4 900c4d69

#3  <signal handler called>
#4  0x00005603f9750716 in select_insert::prepare (this=0x62b0000646b8, values=..., u=0x62b0000662b0) at /data/src/10.4/sql/sql_insert.cc:3856
#5  0x00005603f9aaa12c in st_select_lex_unit::prepare (this=0x62b0000662b0, derived_arg=0x62b000066c38, sel_result=0x62b0000646b8, additional_options=268435460) at /data/src/10.4/sql/sql_union.cc:888
#6  0x00005603f996a943 in mysql_explain_union (thd=0x62b00005b208, unit=0x62b0000662b0, result=0x62b0000646b8) at /data/src/10.4/sql/sql_select.cc:27693
#7  0x00005603f996a313 in select_describe (join=0x62b000064770, need_tmp_table=true, need_order=false, distinct=false, message=0x0) at /data/src/10.4/sql/sql_select.cc:27661
#8  0x00005603f98c29ac in JOIN::exec_inner (this=0x62b000064770) at /data/src/10.4/sql/sql_select.cc:4567
#9  0x00005603f98c062e in JOIN::exec (this=0x62b000064770) at /data/src/10.4/sql/sql_select.cc:4387
#10 0x00005603f98c46c0 in mysql_select (thd=0x62b00005b208, tables=0x62b000063218, wild_num=0, fields=..., conds=0x62b000063c18, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2416184068, result=0x62b0000646b8, unit=0x62b00005f140, select_lex=0x62b000062bc0) at /data/src/10.4/sql/sql_select.cc:4826
#11 0x00005603f996ade4 in mysql_explain_union (thd=0x62b00005b208, unit=0x62b00005f140, result=0x62b0000646b8) at /data/src/10.4/sql/sql_select.cc:27707
#12 0x00005603f97f6c84 in mysql_execute_command (thd=0x62b00005b208) at /data/src/10.4/sql/sql_parse.cc:4725
#13 0x00005603f980da77 in mysql_parse (thd=0x62b00005b208, rawbuf=0x62b000062228 "EXPLAIN INSERT INTO t (a) SELECT a FROM t WHERE b IN (2,3)", length=58, parser_state=0x7f75698d2860, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:8010
#14 0x00005603f97e3d42 in dispatch_command (command=COM_QUERY, thd=0x62b00005b208, packet=0x629000230209 "EXPLAIN INSERT INTO t (a) SELECT a FROM t WHERE b IN (2,3)", packet_length=58, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1857
#15 0x00005603f97e08b1 in do_command (thd=0x62b00005b208) at /data/src/10.4/sql/sql_parse.cc:1378
#16 0x00005603f9bdfe10 in do_handle_one_connection (connect=0x6080000009a8) at /data/src/10.4/sql/sql_connect.cc:1420
#17 0x00005603f9bdf727 in handle_one_connection (arg=0x6080000009a8) at /data/src/10.4/sql/sql_connect.cc:1324
#18 0x00005603fa84fe20 in pfs_spawn_thread (arg=0x615000003508) at /data/src/10.4/storage/perfschema/pfs.cc:1869
#19 0x00007f75716a7fd4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#20 0x00007f75717285bc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Reproducible on all existing branches, release and debug builds alike, including earlier minor releases.

